Apple 10.5 Leapard Bedienungsanleitung

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275

Zur Seite of

Richtige Gebrauchsanleitung

Die Vorschriften verpflichten den Verkäufer zur Übertragung der Gebrauchsanleitung Apple 10.5 Leapard an den Erwerber, zusammen mit der Ware. Eine fehlende Anleitung oder falsche Informationen, die dem Verbraucher übertragen werden, bilden eine Grundlage für eine Reklamation aufgrund Unstimmigkeit des Geräts mit dem Vertrag. Rechtsmäßig lässt man das Anfügen einer Gebrauchsanleitung in anderer Form als Papierform zu, was letztens sehr oft genutzt wird, indem man eine grafische oder elektronische Anleitung von Apple 10.5 Leapard, sowie Anleitungsvideos für Nutzer beifügt. Die Bedingung ist, dass ihre Form leserlich und verständlich ist.

Was ist eine Gebrauchsanleitung?

Das Wort kommt vom lateinischen „instructio”, d.h. ordnen. Demnach kann man in der Anleitung Apple 10.5 Leapard die Beschreibung der Etappen der Vorgehensweisen finden. Das Ziel der Anleitung ist die Belehrung, Vereinfachung des Starts, der Nutzung des Geräts oder auch der Ausführung bestimmter Tätigkeiten. Die Anleitung ist eine Sammlung von Informationen über ein Gegenstand/eine Dienstleistung, ein Hinweis.

Leider widmen nicht viele Nutzer ihre Zeit der Gebrauchsanleitung Apple 10.5 Leapard. Eine gute Gebrauchsanleitung erlaubt nicht nur eine Reihe zusätzlicher Funktionen des gekauften Geräts kennenzulernen, sondern hilft dabei viele Fehler zu vermeiden.

Was sollte also eine ideale Gebrauchsanleitung beinhalten?

Die Gebrauchsanleitung Apple 10.5 Leapard sollte vor allem folgendes enthalten:
- Informationen über technische Daten des Geräts Apple 10.5 Leapard
- Den Namen des Produzenten und das Produktionsjahr des Geräts Apple 10.5 Leapard
- Grundsätze der Bedienung, Regulierung und Wartung des Geräts Apple 10.5 Leapard
- Sicherheitszeichen und Zertifikate, die die Übereinstimmung mit entsprechenden Normen bestätigen

Warum lesen wir keine Gebrauchsanleitungen?

Der Grund dafür ist die fehlende Zeit und die Sicherheit, was die bestimmten Funktionen der gekauften Geräte angeht. Leider ist das Anschließen und Starten von Apple 10.5 Leapard zu wenig. Eine Anleitung beinhaltet eine Reihe von Hinweisen bezüglich bestimmter Funktionen, Sicherheitsgrundsätze, Wartungsarten (sogar das, welche Mittel man benutzen sollte), eventueller Fehler von Apple 10.5 Leapard und Lösungsarten für Probleme, die während der Nutzung auftreten könnten. Immerhin kann man in der Gebrauchsanleitung die Kontaktnummer zum Service Apple finden, wenn die vorgeschlagenen Lösungen nicht wirksam sind. Aktuell erfreuen sich Anleitungen in Form von interessanten Animationen oder Videoanleitungen an Popularität, die den Nutzer besser ansprechen als eine Broschüre. Diese Art von Anleitung gibt garantiert, dass der Nutzer sich das ganze Video anschaut, ohne die spezifizierten und komplizierten technischen Beschreibungen von Apple 10.5 Leapard zu überspringen, wie es bei der Papierform passiert.

Warum sollte man Gebrauchsanleitungen lesen?

In der Gebrauchsanleitung finden wir vor allem die Antwort über den Bau sowie die Möglichkeiten des Geräts Apple 10.5 Leapard, über die Nutzung bestimmter Accessoires und eine Reihe von Informationen, die erlauben, jegliche Funktionen und Bequemlichkeiten zu nutzen.

Nach dem gelungenen Kauf des Geräts, sollte man einige Zeit für das Kennenlernen jedes Teils der Anleitung von Apple 10.5 Leapard widmen. Aktuell sind sie genau vorbereitet oder übersetzt, damit sie nicht nur verständlich für die Nutzer sind, aber auch ihre grundliegende Hilfs-Informations-Funktion erfüllen.

Inhaltsverzeichnis der Gebrauchsanleitungen

  • Seite 1

    M a c OS X Se r v er User Management F or V ersi on 1 0.5 L eopard[...]

  • Seite 2

    K Apple Inc. © 2007 Apple Inc. All rights reserved. The owner or authoriz ed user of a valid copy of Mac OS X Ser v er software may reproduce this publication for the purpose of learning to use such software. No part of this publication may be reproduced or transmitted for commercial purpose s, such as selling copies of this publication or f or pr[...]

  • Seite 3

    3 1 C ont en ts Prefac e 1 3 About This Guide 13 What’ s New in W orkgroup Manager 14 What’ s in T his Guide 15 Using Onscreen Help 16 Mac OS X Ser ver A dministration Guides 17 Viewing PDF Guides Onscreen 17 Printing PDF Guide s 18 Getting Documentation Updates 18 Getting Additional Information Chapter 1 1 9 User Management Overview 19 T ools [...]

  • Seite 4

    4 Contents 35 Identifying Directory Ser vices Requiremen ts 35 Determining Ser ver and St orage Requirements 36 Choosing a Home F older Structure 37 Devising a Home Folder Distribution Strat egy 38 Identifying Groups 38 Determining Administrator Requiremen ts Chapter 3 4 1 Getting Star ted with Work group Manager 41 Configuring the Administrat or ?[...]

  • Seite 5

    Contents 5 61 W orking with Presets 61 Creating a Pr eset for User A ccounts 62 Using Pr esets to Create A ccounts 62 Renaming Pr esets 62 Editing P resets 63 Deleting a Pre set 63 W orking with Basic Settings 63 Modifying User Names 64 Modifying Short Names 65 Choosing Stable Shor t Name s 66 A voiding Duplicate Names 67 Modifying User IDs 68 Assi[...]

  • Seite 6

    6 Contents 83 Resetting a User’ s Print Quota 84 Disabling a User’ s Access to P rint Queues That Enforce Quotas 84 W orking with Info Settings 85 W orking with Windo ws Settings 85 Changing a Windows User’ s Profile L ocation 86 Changing a Windows User’ s Login Script Location 87 Changing a Windows User’ s Home Folder Driv e Letter 87 Ch[...]

  • Seite 7

    Contents 7 10 8 About Computer Gr oups 10 8 Difference s Between Comput er Groups and Computer Lists 10 8 Administering C omputer Groups 10 8 Creating a Comput er Group 10 9 Creating a Pr eset for C omputer Groups 11 0 Using a C omputer Group P reset 111 Adding C omputers or Computer Gr oups to a Computer Gr oup 111 Removing Comput ers and Computer[...]

  • Seite 8

    8 Contents 13 7 Considerations f or Using Mobile Accoun ts 13 9 Strategies for Syncing C ontent 14 0 Setting Up Mobile Accoun ts for Use on P or table Comput ers 14 0 Configuring P or table C omputers 141 Managing Mobile Clients Without Using Mobile Accoun ts 141 Unk no wn Mac OS X P or table C omputers 14 2 Using Mac OS X P or table Computers with[...]

  • Seite 9

    Contents 9 17 3 Adjusting Classic Sleep Settings 17 4 Maintaining Consistent User P references for Classic 17 4 Managing Dock Preference s 17 4 Controlling the User’ s Dock 17 5 Providing Easy Acc ess to Group F olders 17 6 Adding Items to a User’ s Dock 17 7 Pr eventing Users from A dding or Deleting Dock I t ems 17 7 Managing Energy Sav er Pr[...]

  • Seite 10

    10 Contents 202 Creating a Mobile Accoun t 203 Prev enting the Creation of a Mobile A ccount 204 Manually Removing Mobile Accoun ts from Computers 205 Enabling FileV ault for Mobile A ccounts 207 Selecting the Location of a Mobile Account 208 Creating External Accounts 209 Setting Expiration P eriods for Mobile Acc ounts 210 Choosing F olders to Sy[...]

  • Seite 11

    Contents 11 232 A dding to the Pr eference Edit or ’ s List 234 Editing Application Pr eference s with the Pref erence Editor 235 Removing an A pplication ’ s Managed Pref erences in the P refer ence Editor 236 Using the Pr eference E ditor to Manage Core Services 237 U sing the Pref erence Editor t o Manage Safari Chapter 1 1 239 Solving P rob[...]

  • Seite 12

    12 Contents Appendix 25 1 Impor ting and Exporting Accoun t Information 25 1 Understanding What Y ou Can Import and Expor t 25 2 Limitations for Importing and Expor ting P asswords 25 2 Maintaining GUIDs When Importing from Earlier V ersions of Mac OS X Ser ver 25 3 Archiving the Open Directory M ast er 25 3 Using Workgroup Manager to Import Accoun[...]

  • Seite 13

    13 Prefac e About This Guide This guide explains how t o use W orkgroup Manager to set up and manage accounts and pr eferenc es f or clients. Mac OS X Ser ver include s W orkgroup Manager , a user management tool y ou can use to create and manage accounts . When managing accounts , you can define core acc ount settings like name, password , home fo[...]

  • Seite 14

    14 Preface About This Guide Y ou can enable these featur es by managing Mobility preference s. For more information, see Chapter 8, “Managing Portable Computers.” Â New managed prefer ences. Pref erences now let y ou manage P arental C ontrols , Dashboard , F ront Row , and Time Machine. Existing prefer ences hav e been enhanced , using embedd[...]

  • Seite 15

    Preface About This Guide 15 Using Onscreen Help Y ou can get task instructions onscreen in the Help Viewer application while you ’ re managing Leopard Server . Y ou can view help on a ser ver or an administrator comput er . (An administrator computer is a Mac OS X computer with L eopard Server administration software installed on it.) T o get hel[...]

  • Seite 16

    16 Preface About This Guide Mac OS X Ser ver A dministration Guides Getting Star ted c overs installation and setup for standar d and workgroup configurations of Mac OS X Ser ver. F or advanced configurations , Server Administration co vers planning , installation, setup , and general ser ver administration. A suite of additional guides, listed bel[...]

  • Seite 17

    Preface About This Guide 17 Viewing PDF Guides Onscreen While reading the PDF version of a guide onscreen: Â Show bookmarks to see the guide’ s outline, and click a bookmark to jump to the corres ponding section. Â Search for a wor d or phrase to see a list of places where it appears in the documen t. Click a listed place to see the page where [...]

  • Seite 18

    18 Preface About This Guide Getting Documentation Updates P eriodically , Apple posts revised help page s and new editions of guides. Some revised help pages update the latest editions of the guide s. Â T o view new onscreen help topics for a server application, mak e sur e your server or administrator computer is connected to the In ternet and cl[...]

  • Seite 19

    1 19 1 User Man agement Ov er view This chapter in troduce s user management concepts and describes the applica tions used to manage accoun ts and privileges. User management encompasses ev erything from setting up accounts for network access and creating home f olders, to fine-tuning the user experience by managing preferenc es and settings for us[...]

  • Seite 20

    20 Chapter 1 User Management Overview Using Workgroup Manager with Mac OS X Ser v er ser vic es, you can:  Customiz e the work envir onments of network users by or ganizing their desktop resource s and personal files  Enable ser vic es that require user accoun ts, such as mail, file sharing , iChat service, and web service  Share system resou[...]

  • Seite 21

    Chapter 1 User Management Overview 21 Ser v er Pref erences If you use the standard or workgroup c onfiguration of Mac OS X Ser ver , you can use Ser ver P references to configur e key features of collaboration and file services. I ts streamlined approach allows no vice system administrators to quickly configure a server without requiring much tech[...]

  • Seite 22

    22 Chapter 1 User Management Overview Y ou can use NetInstall to upgrade operating systems , install software updates and custom software packages, or re-image desktop and portable computers. Y ou can create custom installation packages for v arious departments in an organization, such as marketing, engineering, and sales. Using NetInstall, it ’ [...]

  • Seite 23

    Chapter 1 User Management Overview 23 Administra tor Acc ounts Users with server administration or director y domain administration privileges are known as administrators. An administrator can be a ser v er administrator , domain administrator , or both. Ser v er administrator privileges determine whether a user can change the settings of a particu[...]

  • Seite 24

    24 Chapter 1 User Management Overview When you assign full directory domain administration privileges to a user , the user is added to the “ admin ” group in the director y domain. This does not grant the user local admin privileges on the servers hosting this director y domain or on any other servers or clients bound to this directory domain. [...]

  • Seite 25

    Chapter 1 User Management Overview 25 F or some ser vic es, like Apple Filing P rotocol (AFP), you can let guest users access files . Instead of authenticating with a name and a passw ord , a guest user connects as a guest, not as a registered user . Guests are re stricted to files and folders with permissions set to Everyone. Group Acc ounts T o e[...]

  • Seite 26

    26 Chapter 1 User Management Overview F or more information about setting up comput er accounts, see Chapter 6, “Setting Up Computers and C omputer Groups.” T o specify prefer ences for Mac OS X comput er accounts , see Chapter 1 0, “Managing Pr eference s.” Guest Comput ers Most computers on your netw ork should have a comput er account. I[...]

  • Seite 27

    Chapter 1 User Management Overview 27 The follo wing illustration shows a user logging in to an account in a directory domain in the computer’ s search polic y . After login, the user can connec t t o a remote server to access its services (if the user ’ s account is located in the server ’ s search polic y). If Mac OS X finds a user account [...]

  • Seite 28

    28 Chapter 1 User Management Overview Prior to Mac OS X v1 0.4, Mac OS X used user ID and POSIX permissions to track folder and file permissions. In Mac OS X, f olders or files include POSIX permissions for en tities such as:  Owner  Group  Everyone else Because GUIDs are 1 2 8-bit values , duplicate GUIDs are ex tr emely unlikely . Unlike AC[...]

  • Seite 29

    Chapter 1 User Management Overview 29 ACLs and POSIX P ermissions Every file and folder has POSIX permissions. Unless an administrator assigns ACL permissions, POSIX permissions continue to define user access . I f y ou assign ACL permissions, they take precedence over standard POSIX permissions . If a file has ACL permissions, but none apply to th[...]

  • Seite 30

    30 Chapter 1 User Management Overview[...]

  • Seite 31

    2 31 2 Getting Star ted with User Man agement This chapter pr ovides inf ormation about planning and setting up a user management en vironment. T o create an effective user managemen t environmen t, you must carefully plan your network. Then, when deploying the network, you must systematically and methodically set up your network r esources . Setup[...]

  • Seite 32

    32 Chapter 2 Getting Started with User Management Make sure that read-only director y domains (such as LDAPv2, read-only LDAPv3, or BSD flat files) are configured t o suppor t Mac OS X Server and that they provide necessary account data. T o make the director y compatible , you must add, modify , and reor ganize director y inf ormation. Mac OS X of[...]

  • Seite 33

    Chapter 2 Getting Started with User Management 33 F or information about setting up home folders using AFP , NFS, or SMB, see Chapter 7 , “Setting Up Home Folders .” Step 5: Create user accoun ts and home folders Y ou can use Workgroup Manager to creat e user accounts in directories that re side on Mac OS X Ser ver or in other r ead/write direc[...]

  • Seite 34

    34 Chapter 2 Getting Started with User Management  F or information about how to w ork with Mac OS X group accounts and group folders , see Chapter 5 , “Setting Up Group Acc ounts.”  F or information about how to add a gr oup folder to the dock to make it more accessible to users , see Chapter 1 0, “Managing P reference s.”  F or info[...]

  • Seite 35

    Chapter 2 Getting Started with User Management 35 Â What ser vic es and resource s users need (such as mail or access to data storage) Â How to divide users int o groups (for example , by class topic or job function) Â How to group comput ers (such as all computers in a public lab) Identifying Directory Ser vices Requiremen ts Identify the direc[...]

  • Seite 36

    36 Chapter 2 Getting Started with User Management If you use network home folders , they requir e one dedicated home folder server for every 1 50 concurrent connections. If you use mobile accounts with portable home directories, you need one dedicated home folder server for ev er y 3 00 concurrent connections. F or example, if you have 400 c ompute[...]

  • Seite 37

    Chapter 2 Getting Started with User Management 37 When users save file s in network home folders , the files are stor ed on the ser v er . Additionally , when users access home folders, even for common tasks like caching webpages , the users’ computers must retrieve the se files from the server . Using network home f olders provides complet e con[...]

  • Seite 38

    38 Chapter 2 Getting Started with User Management A user ’ s netw ork home folder doesn ’t need to be stored on the same server as the director y c ontaining the user ’ s account. In fact, distributing directory domains and home folders across multiple servers can help balance your netw ork load. This scenario is described in “Distributing [...]

  • Seite 39

    Chapter 2 Getting Started with User Management 39 F or example, you might want to give studen t lab assistants the ability to manage user passwords f or a small group of students, while giving teachers the ability to manage user passwords , edit user information, and edit group information for all of their classes. Because users can be given limit [...]

  • Seite 40

    40 Chapter 2 Getting Started with User Management[...]

  • Seite 41

    3 41 3 Getting Star ted with W ork group Manager This chapter pr ovides instructions for setting up W orkgroup Manager and using its core f eature s. W orkgroup Manager is the primary application for managing client computers. Y ou can use W orkgroup Manager to create acc ounts and manage prefer ences. Configuring the A dministrat or ’ s Computer[...]

  • Seite 42

    42 Chapter 3 Getting Started with Workgroup Manager 3 If you are managing pref erences that use specific paths t o find files (such as Dock preferenc es), mak e sure the administrat or computer has the same file system structure as each managed client computer . This means that folder names , volume s, the location of applications, and so on should[...]

  • Seite 43

    Chapter 3 Getting Started with Workgroup Manager 43 Connecting and Authen ticating to Directory Domains in W orkgroup Manager When you install your server or set up an administrator computer , W orkgroup Manager is installed in /Applications/Server/. Use the Finder t o open the application, or click its icon in the Dock or in the toolbar of the Ser[...]

  • Seite 44

    44 Chapter 3 Getting Started with Workgroup Manager Major W orkgroup Manager T asks After login, the Accounts pane appears (see below), showing a list of user accounts. Initially , the user accounts listed ar e those stored in the last directory domain of the ser v er ’ s sear ch policy . Here is how to get started with the primary W orkgroup Man[...]

  • Seite 45

    Chapter 3 Getting Started with Workgroup Manager 45 Â T o view onscreen help , use the Help menu. The Help menu gives y ou access to help for administration tasks av ailable through Workgroup Manager , as well as other Mac OS X Ser ver t opics. Â T o open Ser ver A dmin so you can monitor and w ork with ser vice s on a ser v er , click the Ser v [...]

  • Seite 46

    46 Chapter 3 Getting Started with Workgroup Manager F inding and Listing Acc ounts W orkgroup Manager provides sev eral methods for finding and listing user accounts , group accounts , computer accounts, and computer groups. W ork ing with A ccount Lists in W orkgroup Manager In W orkgroup Manager , user accounts, group accounts, computer accounts [...]

  • Seite 47

    Chapter 3 Getting Started with Workgroup Manager 47 User accounts from the server’ s local director y domain can ’t be used to a uthenticate in the login window on client comput ers, because the login window is a process running on the client computer . T o list accounts in a server’ s local directory domain: 1 In W orkgroup Manager , connec [...]

  • Seite 48

    48 Chapter 3 Getting Started with Workgroup Manager Listing Accoun ts in A vailable Directory D omains Using Workgroup Manager , you can list user accounts, group accounts , computer accounts , and computer groups r esiding in any av ailable directory domain accessible from the server you’ re connected to . A vailable directory domains are not th[...]

  • Seite 49

    Chapter 3 Getting Started with Workgroup Manager 49  Name Star ts With  Name Ends With  Name Is  ID Is  ID Is Greater Than  ID Is Less Than  Comment C ontains  Keyword Con tains T o filter items in the list of accoun ts: 1 After listing accounts , click the Users, Groups, Computers , or Computer Groups button. 2 Click the Search (ma[...]

  • Seite 50

    50 Chapter 3 Getting Started with Workgroup Manager There are sev eral field options:  Is less than  Is greater than  Is  Contains T o locate users or groups in the A ccounts or P refer ences panes: 1 In the W orkgroup Manager toolbar , click Search. Y ou can also click the Search (magnifying glass) button in the search field abov e the acc[...]

  • Seite 51

    Chapter 3 Getting Started with Workgroup Manager 51 F or more information about how t o create presets , see “Creating a Preset f or User Accounts ” on page 6 1. Editing Multiple Acc ounts Simultaneously Y ou can edit settings (if they don ’t need to be unique) f or multiple user accounts , group accounts , or computer groups at the same time[...]

  • Seite 52

    52 Chapter 3 Getting Started with Workgroup Manager F or example, suppose you select three group accounts that each hav e differen t settings for the Dock size. When you look at the Dock Displa y preference pane f or these accounts , the Dock Size slider is center ed and has a dash on it. I f y ou change the position of the Dock Size slider to Larg[...]

  • Seite 53

    Chapter 3 Getting Started with Workgroup Manager 53 Impor ting and Exporting Accoun t Information Y ou can use XML or character-delimited text files to import and expor t user and group account inf ormation. Importing information can make it easier to set up many accounts quickly . Exporting information to a file is useful f or record-keeping . T o[...]

  • Seite 54

    54 Chapter 3 Getting Started with Workgroup Manager[...]

  • Seite 55

    4 55 4 Setting Up User A ccoun ts This chapter t ells you how t o set up , edit, and manage user accounts . User accounts giv e users unique identities on your netw ork and allow you to manage those users. Y ou can use Workgroup Manager to view , create , edit, and delet e user accounts. T o view user accounts in Workgroup Manager , click the Users[...]

  • Seite 56

    56 Chapter 4 Setting Up User Accounts A Windows user account that is not st ored in the PDC server ’ s LDAP directory can be used to access other services. For example , M ac OS X Server can authenticate users with accounts in the server ’ s local directory domain for the server ’ s Windows file ser vic e. Mac OS X Ser ver also a uthenticates[...]

  • Seite 57

    Chapter 4 Setting Up User Accounts 57 Administ ering User Acc ounts Y ou can view , cr eate, edit, and delete user accounts stored in various kinds of directory domains. Creating U ser Accoun ts T o create a user account in a dir ector y domain, you must have administrator privilege s for the domain. T o create user accounts in an LDAPv3 dir ector [...]

  • Seite 58

    58 Chapter 4 Setting Up User Accounts 3 Click the globe icon and then choose the domain where you wan t the user ’ s accoun t to reside. F or Mac OS X Ser ver v1 0.5 or later , Local and /L ocal/Default refer t o the local director y domain. 4 T o authenticate , click the lock and ent er the name and password of a directory domain administrator .[...]

  • Seite 59

    Chapter 4 Setting Up User Accounts 59 F or details, see “ W ork ing with Basic Settings” on page 63 through “ W ork ing with Windows Settings” on page 85. Fr om the Command Line Y ou can also edit user account inf ormation using the dscl command in T erminal. F or more information, see the users and groups chapter of Command-Line Administr [...]

  • Seite 60

    60 Chapter 4 Setting Up User Accounts W ork ing with Windows User A ccounts Use Workgroup Manager to change passw ords, password policies , and other settings in Windows user accounts . The user accounts can r eside in a ser v er ’ s local dir ector y domain, a Mac OS X Ser ver PDC LDAP director y , or another director y system that allows r ead-[...]

  • Seite 61

    Chapter 4 Setting Up User Accounts 61 Fr om the Command Line Y ou can also disable a user account using the dscl and pwpolicy commands in T erminal. For more inf ormation, see the users and groups chapter of Command-Line Administr ation . W ork ing with P re sets Pre sets are templates used t o define attributes that apply to new user , group, or c[...]

  • Seite 62

    62 Chapter 4 Setting Up User Accounts Using P resets to Crea te Acc ounts Pre sets provide a quick way t o apply settings to a new account. After applying the preset, you can continue to modify settings f or the new account, if necessary . Y ou can use presets with user , group, and computer group accounts . Pr esets are stored in the directory dom[...]

  • Seite 63

    Chapter 4 Setting Up User Accounts 63 Y ou edit a preset by using it t o create an account , changing fields defined by the preset, and then saving the preset. T o edit a preset: 1 In W orkgroup Manager , click Accounts. 2 Click the globe icon and then choose the directory domain with the preset you want to edit. 3 T o authenticate , click the lock[...]

  • Seite 64

    64 Chapter 4 Setting Up User Accounts A user name can contain no more than 2 5 5 bytes . Because long user names suppor t various character sets, the maximum number of characters for long user names ranges from 25 5 Roman characters to as few as 63 characters in character sets where characters occupy up to 4 bytes. Use Workgroup Manager to edit the[...]

  • Seite 65

    Chapter 4 Setting Up User Accounts 65 F or the first shor t user name , use only these characters (subsequent short names can contain an y Roman character):  a through z  A through Z  0 through 9  _ (underscore)  - (hyphen) T ypically , shor t names contain eight or f ewer characters. Initially , the value of the first short name is “un[...]

  • Seite 66

    66 Chapter 4 Setting Up User Accounts T o change a user ’ s first short name, create a new account f or the user in the same director y domain that c ontains the new first short name and retain all other account information (user ID , primary group , home folder , and so on). Make sure you use the same GUID for the new accoun t. Then disable the [...]

  • Seite 67

    Chapter 4 Setting Up User Accounts 67 Modifying User IDs A user ID is a number that uniquely identifies a user . M ac OS X c omputers use the user ID to track a user’ s folder and file ownership. When a user creates a f older or file, the user ID is stored as the ID of the user who created the folder or file . T his user ID has read and write per[...]

  • Seite 68

    68 Chapter 4 Setting Up User Accounts Make sure the value is unique for all directory domains set in the search policy of computers that the user logs in to . Workgr oup Manager warns you if you change the value to another user ID in the same dir ector y domain. Y ou can quickly find all existing user IDs by choosing V iew > “Show System U ser[...]

  • Seite 69

    Chapter 4 Setting Up User Accounts 69 3 Click the globe icon and choose Local. 4 Click the lock and enter the name and passwor d of a local administrator . 5 Click the globe icon and choose the directory domain where the user ’ s account r esides. 6 Click the lock and enter the name and passwor d of a director y domain administrator . 7 T o grant[...]

  • Seite 70

    70 Chapter 4 Setting Up User Accounts W ork ing with P rivileges Y ou can give a user account full or limit ed control ov er domain administration. When giving limited administrative con trol, you can choose which users and groups the user can administer , and what k ind of contr ol the user has over those users and groups. Y ou can change a user ?[...]

  • Seite 71

    Chapter 4 Setting Up User Accounts 71 The following tasks ar e available t o limited administrators: If you give a user differ ent administrative capabilities at sev eral account levels , the capabilities are merged . F or example, let ’ s sa y a user named Anne Johnson is a member of the Algebra 1 0 1 group , and the Algebra 1 0 1 gr oup is a me[...]

  • Seite 72

    72 Chapter 4 Setting Up User Accounts Giving a User F ull Administrativ e Capabilities A user with full administrative capabilities is also known as a directory domain administrator . Director y domain administrators can modify any r ecords in the directory domain and are the only users who can change the passwords of other dir ector y domain admin[...]

  • Seite 73

    Chapter 4 Setting Up User Accounts 73 Allowing a User t o Log In to More Than One C omputer A t a Time Y ou can allow a managed user to log in to mor e than one managed computer at a time, or you can preven t the user from doing so. Note: Simultaneous login is not recommended for most users . Y ou may want to reserve simultaneous login privileges f[...]

  • Seite 74

    74 Chapter 4 Setting Up User Accounts 4 T o specify the user’ s default shell when logging in to a Mac OS X computer , choose a shell from the Login Shell pop-up menu . T o specify a shell that doesn ’t appear in the list, choose Custom and then en ter the path to the shell. T o ensure that a user can ’t acce ss the ser v er remotely using th[...]

  • Seite 75

    Chapter 4 Setting Up User Accounts 75 If you choose Shadow P assword, you can also select authentication methods by clicking Securit y . 6 Click Save . Creating a Master List of K eywords Y ou can define keywords that enable quick searching and sorting of user accounts. Using keywords can simplify tasks such as creating groups or editing multiple u[...]

  • Seite 76

    76 Chapter 4 Setting Up User Accounts T o work with keywor ds for a user account: 1 In W orkgroup Manager , click Accounts. 2 Select the user account you want to w ork with. T o select the account, click the globe icon, choose the director y domain where the account re sides, and then select the user account in the accounts list. 3 T o authenticate[...]

  • Seite 77

    Chapter 4 Setting Up User Accounts 77 W ork ing with Group Settings Group settings identify the groups a user belongs t o. In W orkgroup Manager , use the Group Settings pane in the user ’ s acc ount to work with gr oup settings. F or information about how to administ er group accounts , see Chapter 5 , “Setting Up Group Accoun ts.” Choosing [...]

  • Seite 78

    78 Chapter 4 Setting Up User Accounts W orkgroup Manager displays long and short names for the group after y ou enter a primar y gr oup ID (if the group exists and is accessible in the search policy of the server you ’ re logged in to). Reviewing a User’ s Gr oup Memberships Y ou can use Workgroup Manager to review the gr oups a user belongs to[...]

  • Seite 79

    Chapter 4 Setting Up User Accounts 79 T o add a user to a group using W orkgroup Manager: 1 In W orkgroup Manager , click Accounts. 2 Select the user account you want to w ork with. T o select the account, click the globe icon, choose the director y domain where the account re sides, and then select the user account in the accounts list. 3 T o auth[...]

  • Seite 80

    80 Chapter 4 Setting Up User Accounts W ork ing with Mail Settings Y ou can create a mail accoun t by specifying mail settings in the user account. T o use the mail ser vic e account, the user configures a mail client to iden tify the user name, password , mail service, and mail protocol you specify in the mail settings . In W orkgroup Manager , us[...]

  • Seite 81

    Chapter 4 Setting Up User Accounts 81 Disabling a User’ s Mail Service Y ou can use Workgroup Manager to disable mail service for users whose accounts ar e stored in an Open Directory domain, the local director y domain, or other read/write director y domain. T o disable a user’ s mail ser vic e using W orkgroup Manager: 1 In W orkgroup Manager[...]

  • Seite 82

    82 Chapter 4 Setting Up User Accounts In W orkgroup Manager , use the Print Quota pane in the user account to w ork with print quota settings. Enabling a User’ s A ccess to All A vailable P rint Queues Y ou can use Workgroup Manager to allow a user t o print to all or some of the accessible Mac OS X print queues that enf orce quotas. T o use W or[...]

  • Seite 83

    Chapter 4 Setting Up User Accounts 83 6 T o give the user unlimited printing rights t o the queue, select “Unlimited prin ting”; other wise , select “Limit to ” and specify the maximum number of pages the user can print in a specific number of da ys. 7 Click Save . Removing a P rint Quota F or a Queue If you no longer require a print quota [...]

  • Seite 84

    84 Chapter 4 Setting Up User Accounts 3 T o authenticate , click the lock and ent er the name and password of a directory domain administrator . 4 Click Print Quota. 5 If you ’ re managing All Queues , click Restart Print Quota. 6 If you ’ re managing P er Queue, choose a print queue from the Queue Name pop-up menu and then click Restart Print [...]

  • Seite 85

    Chapter 4 Setting Up User Accounts 85 Other users can view the information in this pane when they view the user account in W orkgroup Manager and Directory . T o change a user’ s info: 1 In W orkgroup Manager , click Accounts. 2 Select the user account you want to w ork with. T o select the account, click the globe icon, choose the director y dom[...]

  • Seite 86

    86 Chapter 4 Setting Up User Accounts T o change the Windows roaming profile location for a user accoun t: 1 In W orkgroup Manager , click Accounts. 2 Open the user account whose profile location y ou want to change. T o open a user account in the PDC, click the globe icon and choose the PDC ser ver’ s LDAP director y . 3 T o authenticate , click[...]

  • Seite 87

    Chapter 4 Setting Up User Accounts 87 Enter the relativ e path to a login script in /etc/netlogon/ on the PDC server . F or example, if an administrator places a script named setup .bat in /etc/netlogon/, the Login Script field should con tain “setup .bat.” 5 Click Save . Changing a Windows User ’ s Home F older Drive L etter Y ou can use Wor[...]

  • Seite 88

    88 Chapter 4 Setting Up User Accounts T o view a user or group GUID: 1 In W orkgroup Manager , click Accounts. 2 Make sure the director y services of the Mac OS X Ser ver comput er you ’ re using are configured to acce ss the director y domain. 3 Click the globe icon and then choose the domain where the account r esides. 4 T o authenticate , clic[...]

  • Seite 89

    5 89 5 Setting Up Group Acc oun ts This chapter t ells you how t o set up , edit, and manage group accounts . A group account off ers a simple way to manage a collection of users with similar needs. Y ou can also create group f olders, which provide an easy way f or group members to share files with each other . Y ou can use Workgroup Manager to vi[...]

  • Seite 90

    90 Chapter 5 Setting Up Group Accounts Where Group A ccounts Ar e Stored Group accounts can be st ored in any Open Directory domain. A director y domain can reside on a Mac OS X computer (f or example, an Open Director y domain) or it can reside on a non-Apple server (for example , an LDAP or Active Director y server). W orkgroup Manager can work w[...]

  • Seite 91

    Chapter 5 Setting Up Group Accounts 91 Administ ering Group Acc ounts W orkgroup Manager lets you administer group acc ounts stored in multiple directory domains. Creating Group A ccoun ts T o create a group accoun t in a director y domain, you must have domain administrat or privileges. Y ou can also create group acc ounts on a non-Apple LDAPv3 se[...]

  • Seite 92

    92 Chapter 5 Setting Up Group Accounts Y ou can also use a preset or an import file to create a group . For details , see “Creating a Pr eset for Group A ccounts ,” and the appendix, “Importing and Expor ting Account Inf ormation.” Fr om the Command Line Y ou can also create a group acc ount using the dseditgroup command in T erminal. For m[...]

  • Seite 93

    Chapter 5 Setting Up Group Accounts 93 4 T o authenticate , click the lock and ent er the name and password of a directory domain administrator . 5 Click the Groups button and select the group you want t o work with. 6 Edit settings for the group in the pane s provided . F or details, see “ W ork ing with Basic Settings for Groups ” on page 95,[...]

  • Seite 94

    94 Chapter 5 Setting Up Group Accounts 5 T o create a group , click the Groups butt on. 6 In the Members pane, click the Add (+) button to open a draw er that lists the users and groups defined in the directory domain you’ re working with. Make sure the group account reside s in a director y domain s pecified in the search policy of computers the[...]

  • Seite 95

    Chapter 5 Setting Up Group Accounts 95 T o work with read-only gr oups: 1 In W orkgroup Manager , click Accounts. 2 Make sure that the director y services of the Mac OS X Ser ver comput er you’ re using are configured to acce ss the director y domain where the acc ount resides . F or information about using Directory Utilit y to c onfigure server[...]

  • Seite 96

    96 Chapter 5 Setting Up Group Accounts Because long group names support various character sets, the number of characters for long group names can range fr om 25 5 Roman charac ters t o as few as 63 characters (for character sets in which characters occupy up to 4 bytes). Â A short group name contains as many as 25 5 Roman characters. However , for[...]

  • Seite 97

    Chapter 5 Setting Up Group Accounts 97 Y ou can use Workgroup Manager to edit the ID f or a group account stor ed in an Open Director y domain or the local domain, or to review the group ID in an y director y domain accessible from the server you ’ re using . T he group ID is associated with group privileges and permissions. T o work with a group[...]

  • Seite 98

    98 Chapter 5 Setting Up Group Accounts Enabling a Group ’ s W eb S ervices Mac OS X Ser ver v1 0.5 includes Groups, a feature that allows groups t o easily create a collaborative websit e. This website uses calendar , wik i, and blog technology to streamline group communication. Y ou can also set up a mailing list so that mail sent to the list is[...]

  • Seite 99

    Chapter 5 Setting Up Group Accounts 99 5 Select the ser vices you wan t to enable. Y ou can only select ser vices that ar e not disabled by your web server . 6 Choose who can view the group website b y using the “ can view these ser vices ” pop-up menu. This option applies to viewing the wiki, blog, calendar , and mailing list archive. 7 Choose[...]

  • Seite 100

    100 Chapter 5 Setting Up Group Accounts 3 T o authenticate , click the lock and ent er the name and password of a directory domain administrator . 4 In the Members pane, click the Add (+) button to open a draw er that lists the users and groups defined in the directory domain you’ re working with. Make sure the group account reside s in a directo[...]

  • Seite 101

    Chapter 5 Setting Up Group Accounts 101 F or example, to set a multimedia lab computer specifically f or a movie-editing class, you could set Dock pref erences for the mo vie-editing workgroup to dis play only iMovie and the group folder . Because the group folder is in the Dock, it provides an easily accessible location for studen ts to store and [...]

  • Seite 102

    102 Chapter 5 Setting Up Group Accounts  Setting up login preference s so that users can click Computer in the F inder to see the group folder share poin t and the group folders in it. F or instructions, see “Pr oviding Easy Access t o the Group Share P oint ” on page 1 99. When setting up these prefer ences, make sure the group is defined in[...]

  • Seite 103

    Chapter 5 Setting Up Group Accounts 103 6 In the Owner Name fields, enter the shor t name and long name of the user you wan t to assign as the owner of the group folder so the user can act as group f older administrator . T o choose an owner from a list of users in the curren t director y domain, click the Browse (...) butt on. Click the globe icon[...]

  • Seite 104

    104 Chapter 5 Setting Up Group Accounts[...]

  • Seite 105

    6 105 6 Setting Up Comput ers and C omputer Gr oups This chapter t ells you how t o set up and manage individual computers and gr oups of computers. T o manage an individual computer , you must create a computer account. T o manage a group of computers , you must creat e a computer group composed of comput er accounts or of other computer gr oups. [...]

  • Seite 106

    106 Chapter 6 Setting Up Computers and Computer Groups When a computer starts up, Mac OS X tries to match the computer’ s Ethernet address with a computer account. If a matching computer accoun t is found , the computer uses the managed preferenc es for that comput er account and the computer groups it belongs to . I f no matching c omputer accou[...]

  • Seite 107

    Chapter 6 Setting Up Computers and Computer Groups 107 If keywords that you want to associate ar en ’t listed in the master keyword list, click Edit Keywords, click the Add (+) button, enter a name for the keyword , and click OK. Select the k eywor ds you want to associate with the c omputer and click OK. 9 Click Network, enter the Ethernet ID fo[...]

  • Seite 108

    108 Chapter 6 Setting Up Computers and Computer Groups Important: Don ’t create computer accounts f or Windows 2 000 or Windows XP computers. If you do so , they may not be usable f or domain login. Instead , use the Windows software on these computers t o join them to the Windows domain. For information, see Open Director y Administr ation . Abo[...]

  • Seite 109

    Chapter 6 Setting Up Computers and Computer Groups 109 Â A computer group is a group of c omputers that have the same pr eference settings and are av ailable to the same users and groups. Â Y ou can add up to 2000 c omputers to a computer gr oup. Y ou can create hierarchical gr oups to manage computers with Mac OS X v1 0.5 or later . Hierarchical[...]

  • Seite 110

    110 Chapter 6 Setting Up Computers and Computer Groups Using presets , you can easily set up multiple computer groups that use similar settings. Howev er , you can only use presets when creating a c omputer group . Y ou can’t use a preset to change a comput er group . T o set up a preset f or computer groups: 1 In W orkgroup Manager , click Accou[...]

  • Seite 111

    Chapter 6 Setting Up Computers and Computer Groups 111 4 Click the Computer Gr oups button (on the left) and then click Basic. 5 F rom the Pre sets pop-up menu, choose a preset. 6 Choose Ser v er > New Computer Group (or click New C omputer Group in the toolbar). 7 Add or update settings as needed and then click Sa ve. Adding C omputers or C omp[...]

  • Seite 112

    112 Chapter 6 Setting Up Computers and Computer Groups 5 Click the Remove (–) button and then click Sa ve. Deleting a Computer Gr oup If you no longer need a computer group , y ou can use W orkgroup Manager to delete it. T o delete a computer gr oup: 1 In W orkgroup Manager , click Accounts. 2 Select the computer group. T o select the computer gr[...]

  • Seite 113

    7 113 7 Setting Up Home F olders This chapter pr ovides guideline s for setting up and managing home folders . Mac OS X uses the home folder—a folder f or a user’ s personal use—to store the user ’ s application preferenc es and personal files, like documents and music. T o set up share points that host home folders , you can use Server Adm[...]

  • Seite 114

    114 Chapter 7 Setting Up Home Folders The home folder y ou designate in the Home pane can be used when logging in from a Windows workstation or a Mac OS X computer . This can be helpful for a user whose account re sides on a ser v er that is a Windows primary domain controller (PDC). There are additional limitations on the maximum path length, depe[...]

  • Seite 115

    Chapter 7 Setting Up Home Folders 115 The default share poin t for Windows home folders is the same as the share point f or Mac OS X home folders. The default share poin t for user profile s is the /Users/Profile s/ folder on the PDC and BDC servers. ( This SMB share poin t is not shown in W orkgroup Manager .) Y ou can set up alternate SMB share p[...]

  • Seite 116

    116 Chapter 7 Setting Up Home Folders Step 3: Create the user accoun ts in the shared domain on the accounts server F or information about specifying which shar e point is used for a user’ s home folder , see “ Administering Home F olders” on page 1 2 1. Step 4: Set up the direc t ory ser vices of the clien t computers so their search policy [...]

  • Seite 117

    Chapter 7 Setting Up Home Folders 117 Setting Up an Automoun table AFP Share P oint for Home F olders Y ou can use Ser v er Admin to set up an AFP share poin t for home folders . Home folders for user acc ounts stored in shared dir ector y domains (such as an Open Director y domain) can r eside in any AFP share poin t that the user ’ s comput er [...]

  • Seite 118

    118 Chapter 7 Setting Up Home Folders 11 Click Prot ocol Options. 12 In AFP , select “Share this item using AFP” and “ Allow AFP guest access .” When you enable guest acce ss, it is enabled for all home folders in the share point. By default, in home folders guests can only access /P ublic and /Sites f olders. When a guest browse s the home[...]

  • Seite 119

    Chapter 7 Setting Up Home Folders 119 3 T o view a list of available services, use the disclosure triangle next to your server . If Ser ver A dmin doesn ’t list the NFS service, click the Add (+) button, choose Add Ser vice , select NFS, and then click Save. 4 Select the NFS ser vice , then if NFS is not running, click Star t NFS. F or more infor[...]

  • Seite 120

    120 Chapter 7 Setting Up Home Folders  Set the default permissions for new files and f olders in the share point SMB share points can ’t be used for Mac OS X home folders , but can be used for Windows home folders . Note: Don ’t use a slash (/) in the name of a folder or v olume you plan to share . Users tr ying t o access the share point mig[...]

  • Seite 121

    Chapter 7 Setting Up Home Folders 121 Important: Do not enable oplocks for a shar e point that’ s using a protocol other than SMB. F or more information on oplocks , see F ile Ser vice s Administration . Â T o set standard locks on server files, selec t “Enable stric t locking.” Note: F or ser v ers earlier than Mac OS X Ser ver v1 0.2.4, op[...]

  • Seite 122

    122 Chapter 7 Setting Up Home Folders T o open a director y domain, click the globe icon and choose from the pop-up menu. T o authenticate , click the lock. 3 Click the Users button and select one or more user accounts . 4 Click Home and select (None) from the list. 5 Click Save . Creating a Home F older for a Local User Y ou can use Workgroup Mana[...]

  • Seite 123

    Chapter 7 Setting Up Home Folders 123 8 Click Create Home Now and then click Sa ve. If you do not click Create Home Now bef ore clicking Save , the home folder is creat ed the next time the user logs in remotely . However , only cer tain clien ts can connect to ser v ers hosting share points in the local domain. F or instructions on setting up a sh[...]

  • Seite 124

    124 Chapter 7 Setting Up Home Folders 3 T o authenticate , click the lock and ent er the name and password of a directory domain administrator . 4 Click Home; then in the share points list select the share point you wan t to use. The list displa ys all automountable netw ork-visible share points in the search policy of the ser v er you are connecte[...]

  • Seite 125

    Chapter 7 Setting Up Home Folders 125 The share point f or a local user account’ s home folder should reside in an AFP shar e point on the server where the user account reside s. T his share point does not need t o be automountable—that is , it does not r equire a network mount r ecord in the director y domain. The share point f or the home fol[...]

  • Seite 126

    126 Chapter 7 Setting Up Home Folders F or example, to create a home folder f or a user named Smith, in a custom location of /Homes/T eachers/SecondGrade/, enter “ T eachers/SecondGrade/Smith.” Make sure the custom location folder exists . Do not put a slash (/) at the beginning or the end of the path. 9 In the F ull P ath field , enter the ful[...]

  • Seite 127

    Chapter 7 Setting Up Home Folders 127 Note: Home folders are creat ed the first time a user logs in only on share points served through an AFP or SMB server . NFS home f olders must be created manually . Setting Up a Home Folder f or a Windows User Using Workgroup Manager , you can set up a network home folder that will be mounted when a Windows us[...]

  • Seite 128

    128 Chapter 7 Setting Up Home Folders  Optionally , enter a disk quota f or the user ’ s home f older and specify megabyte s (MB) or gigabytes (GB). Important: This quota also applie s to the user ’ s roaming profile if it ’ s on the same volume as the home folder . Mak e sur e the quota is adequate for both f olders for an entire work se s[...]

  • Seite 129

    Chapter 7 Setting Up Home Folders 129 Setting Disk Quotas Y ou can limit the disk space users ha ve av ailable to store files in the v olume where their home folders reside . This quota applies to all files that the user st ores in the volume wher e his or her home folder reside s, including all files stored in the user’ s drop box. T herefore , [...]

  • Seite 130

    130 Chapter 7 Setting Up Home Folders Setting Disk Quotas for Windows Users to A void Data L oss A disk quota that applies to a Windows user’ s roaming profile folder must be lar ge enough to cov er the user ’ s expected data storage needs f or a work session. A Mac OS X Server PDC enforce s quotas on a roaming profile folder only at the end of[...]

  • Seite 131

    8 131 8 Manag ing P or table C omputers This chapter pr ovides inf ormation about tools a v ailable to manage por table comput ers. Mac OS X Ser ver allows y ou to create and manage mobile accoun ts for users of portable computers. About Mobile Acc ounts If your organization uses portable computers, assign mobile accounts to users. This allows you [...]

  • Seite 132

    132 Chapter 8 Managing Portable Computers About P or table Home Directories A portable home direc tory is a synced subset of a user ’ s local and network home folders. Y ou can configure which f olders to sync and how often to sync them. Users can also initiate syncing . By syncing key folders, a user can work on or off the network and experience[...]

  • Seite 133

    Chapter 8 Managing Portable Computers 133 Logging In t o Mobile Accoun ts If a user has created a portable home director y , logging in to a mobile account is similar to logging in to a local accoun t. F irst, the user selec ts his or her accoun t and then enters the corr ect password to complete the login. If the account is not display ed, the use[...]

  • Seite 134

    134 Chapter 8 Managing Portable Computers Resolving Sync C onflic ts When a user ’ s file s and folders sync, a sync conflict can occur if a file in the user ’ s local home folder and the network home f older have tw o versions of a file and it is not clear which one should be saved . Sync c onflicts usually occur when a mobile account user cha[...]

  • Seite 135

    Chapter 8 Managing Portable Computers 135 All mobile accounts on Mac OS X v1 0.5 or later (including ex t ernal accounts) can use FileV ault to encrypt the contents of the local home folder . For more inf ormation, see “Enabling FileV ault for Mobile A ccounts ” on page 205. F or information about creating external accounts , see “Creating Ex[...]

  • Seite 136

    136 Chapter 8 Managing Portable Computers Consider ations and Strategie s for Deplo ying Mobile Accoun ts Before y ou deploy mobile accounts , carefully weigh the adv antages and disadv antages of using mobile accounts and strategiz e how you will configure them. When you properly configur e mobile accounts, you can create a w ork environmen t wher[...]

  • Seite 137

    Chapter 8 Managing Portable Computers 137 Mobile accounts cache temporary files locally , improving network and individual computer performance. Locally caching files like webpages helps reduc e network traffic. Y ou can also reduce network traffic b y carefully planning user sync settings. For information about how to plan sync settings , see “S[...]

  • Seite 138

    138 Chapter 8 Managing Portable Computers Consider the f ollowing: Â Improperly set sync settings can cause long dela ys during login and logout and can create inconsisten t home folders. Â If multiple users create a mobile account on the same comput er , it could cause excessiv e proliferation of home f olders. Â Mobile accounts can ’t restor[...]

  • Seite 139

    Chapter 8 Managing Portable Computers 139 Mobile accounts can ’t restor e deleted files through syncing Although mobile accounts keep user files stored in tw o locations—in local and network home folders—they do not eliminat e the need for a formal backup syst em. When you configure the user’ s por table home directory , y ou choose a subse[...]

  • Seite 140

    140 Chapter 8 Managing Portable Computers  The user uses the same mobile accoun t to log in to two comput ers simultaneously . This might create sync issue s with the two computers , causing the computers t o display err or messages. Login and logout syncing should be carefully managed beca use a user ’ s login and logout is delayed while file [...]

  • Seite 141

    Chapter 8 Managing Portable Computers 141 Create at least one local administrator accoun t and create local user accounts as needed. Make sure the users’ local account names are not easily confused with the users’ network names. By creating an administrator account , you are pr eventing the user from ha ving administrator access unless y ou spe[...]

  • Seite 142

    142 Chapter 8 Managing Portable Computers F or more information about setting up a guest c omputer account f or Mac OS X users, see “ W ork ing with Gue st Computers ” on page 1 07. Using Mac OS X P or table C omputers with One Primary Local User Y ou can also distribute portable computers with only local accounts and not assign mobile or netwo[...]

  • Seite 143

    Chapter 8 Managing Portable Computers 143 When using a wireless mobile lab , it is v er y difficult t o control who uses s pecific computers. Unlike personal por table computers (wher e you know who uses which computer), or with stationar y computers (wher e you can assign seating charts), it is hard to consisten tly use a distribution scheme for a[...]

  • Seite 144

    144 Chapter 8 Managing Portable Computers Because multiple users can store it ems in the local home folder for a generic acc ount, you might want to periodically clean out that f older as part of your maintenance routine. Y ou might also recommend that students sa ve files to a netw ork drop box to ensur e their files are not deleted , and to allo [...]

  • Seite 145

    Chapter 8 Managing Portable Computers 145 If you enable the option, a ser ver daemon updates the database of changed file s. T he user ’ s c omputer scans only the folders in the local home f older that have been modified since the last time the database was updated . T o enable the option, TCP port 23 36 must be open on your file ser ver’ s fi[...]

  • Seite 146

    146 Chapter 8 Managing Portable Computers[...]

  • Seite 147

    9 147 9 Client Man agemen t O v er view This chapter pr ovides an in troduction to Mac OS X client management. Client management is the cen tralized administration of your users ’ c omputer experience, as shown in the following illustration. It ’ s usually implement ed by : Â Managing access to network prin ters and to server-resident home f o[...]

  • Seite 148

    148 Chapter 9 Client Management Overview Using Netw ork-Visible Resources Mac OS X Ser ver lets y ou make various resourc es visible throughout your netw ork so users can access them from diff erent computers and v arious locations. There are sev eral key network-visible resource s: Â Network home folders . A home folder , often r eferred to as a [...]

  • Seite 149

    Chapter 9 Client Management Overview 149 Cust omizing the User Experience Y ou manage a network user’ s work environmen t by defining prefer ences—settings that customize and con trol the user ’ s computer experience. There are tw o panes in Workgroup Manager P referenc es: Overview and D etails . T o manage predefined system pref erences , u[...]

  • Seite 150

    150 Chapter 9 Client Management Overview Designing the Login Experienc e An example of the power of pref erence management is the ability to shape and contr ol the user ’ s login experienc e. Y ou can set up Login prefer ences for comput ers and computer groups to c ontrol the appearance of the login window . The follo wing table provides example[...]

  • Seite 151

    Chapter 9 Client Management Overview 151 Choosing a W orkgroup In addition to customizing the login window , you can manage login pref erences that affect whether users choose workgroups. If you don ’t manage login acce ss preference s, after the user authenticates , a list of available w orkgroups appears (depending on computer settings and if t[...]

  • Seite 152

    152 Chapter 9 Client Management Overview Any pref erences associated with the user , the chosen workgroup , parent workgroups, and the computer being used , tak e eff ect upon login. If you manage login access pref erences , you can customize the workgroup choosing process . F or example, you could: Â Ensure that the workgroup chooser is alwa ys s[...]

  • Seite 153

    Chapter 9 Client Management Overview 153 Applications can be stored locally on a c omputer ’ s har d disk or on a ser v er in a share point. If applications are stored locally , users can find them in the Applications folder . If applications are stored in a share poin t and you don ’t add the share poin t as a login item, the user must connec [...]

  • Seite 154

    154 Chapter 9 Client Management Overview[...]

  • Seite 155

    10 155 10 Manag ing Pr efer ence s This chapter pr ovides inf ormation about managing pref erences f or users, workgroups , computers , and computer groups. By managing preferenc es for users , workgroups, computers, and computer groups, you can customize the user’ s experience and restrict user access to only the applications and network resour [...]

  • Seite 156

    156 Chapter 10 Managing Preferences Understanding Managed Pr eferenc e Inter actions Y ou can define prefer ences for user accoun ts, group accounts, computers , and computer groups that are set up in a shar ed director y domain. Dock Dock location, behavior , and items . For more inf ormation, see “Managing Dock Preference s” on page 1 7 4. En[...]

  • Seite 157

    Chapter 10 Managing Preferences 157 A user whose account has defined pref erences is ref erred to as a managed user . An individual computer , or a computer that is a member of a computer group with defined preferenc es, is called a managed computer . A group with defined pref erences is called a workgr oup. Energy Sav er , Time M achine , and L og[...]

  • Seite 158

    158 Chapter 10 Managing Preferences Y ou could set up Media Acce ss preference s for workgr oups or computer groups to limit all students ’ acce ss but override these r estrictions for lab assistants using Media Access settings at their user acc ount level. Y ou could also designate a s pecific computer for media r ecording by ov erriding the res[...]

  • Seite 159

    Chapter 10 Managing Preferences 159 Computer gr oup preference s also offer a way to manage the pr eference s of users who don ’t hav e a network account but who can log in t o a Mac OS X comput er using a local account. ( The local acc ount, defined using the Accounts pane of System Pr eferences , resides on the user ’ s c omputer .) T o manag[...]

  • Seite 160

    160 Chapter 10 Managing Preferences  Once is available f or some prefer ences. Y ou can create defa ult preferenc es, which users can then modify and keep the modifications. T hese prefer ences are effectively unmanaged. F or example, you could set up a group of computers t o display the Dock in a certain way the first time users log in. A user c[...]

  • Seite 161

    Chapter 10 Managing Preferences 161 Managing preference s means you can contr ol settings for certain system preference s in addition to controlling user acc ess to system pref erences , applications, printers , and remov able media. Information about settings and pref erences in user , group, or computer records is stored in a directory domain acc[...]

  • Seite 162

    162 Chapter 10 Managing Preferences 5 In each Pr eference pane , selec t a Manage option. In Media Access , the management setting applies t o all preference s rather than to individual panes. 6 Select preference settings or fill in information y ou want to use. Some management settings are not a vailable for some pr eferences , and some preferenc [...]

  • Seite 163

    Chapter 10 Managing Preferences 163 2 Make sure the correct director y is selected and you ar e authenticated . T o switch directories , click the globe icon. If you are not authenticated , click the lock and enter the name and passwor d of a director y domain administrator . 3 Click the Computers butt on and select one or more computers. 4 Click t[...]

  • Seite 164

    164 Chapter 10 Managing Preferences Y ou can use the Once setting to creat e default settings. These are settings that, when saved , take effect the next time users log in. Users can then modify their settings and save their modified settings f or future use. T o selectively disable prefer ence management: 1 In W orkgroup Manager , click Preferenc [...]

  • Seite 165

    Chapter 10 Managing Preferences 165 Â If you don ’t manage the Applications pane , L egacy settings tak e eff ect for any version of Mac OS X. Â If your users run Mac OS X v1 0. 4 or earlier , only Legacy settings tak e eff ect. Y ou can also use settings in Applications pref erences to allo w only specific widgets in Dashboard or to disable F [...]

  • Seite 166

    166 Chapter 10 Managing Preferences Applications that include helper applications are denoted b y a disclosure triangle. When you click the disclosure triangle , you’ll see a list of helper applications. By default, these helper applications are allow ed to open. Y ou can disable individual helper applications, but the application may behave erra[...]

  • Seite 167

    Chapter 10 Managing Preferences 167 6 Select “Restrict which applications are allow ed to launch.” 7 Click the Applications tab (within the Applications pane), click the Add (+) button, choose an application you want to alwa ys allow , and then click Add . When you allow an application, you also allow all helper applications included with that [...]

  • Seite 168

    168 Chapter 10 Managing Preferences 8 T o prevent users fr om opening specific widgets, select the widget and click the Remove (–) button. 9 Click Apply Now . Disabling F ront Ro w With W orkgroup Manager , you can disable Fron t Row . T o disable F ront Row: 1 In W orkgroup Manager , click Preferenc es. 2 Make sure the correct director y is sele[...]

  • Seite 169

    Chapter 10 Managing Preferences 169 Allowing UNIX tools enhances application c ompatibility and efficient operation, but may decrease security . If you don ’t manage Applications settings f or computers running Mac OS X v1 0.5 or later , Legac y settings ar e used. T o set up a list of accessible applications: 1 In W orkgroup Manager , click Pref[...]

  • Seite 170

    170 Chapter 10 Managing Preferences The table below describe s what settings in each Classic pane can do. Selec ting Classic Startup Options W orkgroup Manager provides a number of wa ys to control ho w and when the Classic environmen t star ts . If users often work with applications that run in Classic, it is convenien t to have Classic star t up [...]

  • Seite 171

    Chapter 10 Managing Preferences 171 8 Click Apply Now . Choosing a Classic Syst em F older In most cases, there is only one Mac OS 9 System F older on a computer , and it is on the Mac OS X star tup disk. In this case, you don ’t need to s pecify a Classic System F older . If a computer has multiple Mac OS 9 System F olders on the star tup disk a[...]

  • Seite 172

    172 Chapter 10 Managing Preferences Y ou can allow users to perform special actions, such as turning off ex t ensions, star ting or restarting Classic, or rebuilding the Classic desktop file, from the Advanc ed pane of Classic system prefer ences. Y ou might want to allow this for specific users , such as members of your technical staff . T o allow[...]

  • Seite 173

    Chapter 10 Managing Preferences 173 T o switch directories , click the globe icon. If you are not authenticated , click the lock and enter the name and passwor d of a director y domain administrator . 3 Select one or more users, groups, computers , or computer groups. 4 Click Classic. 5 Click Adv anced and then set the management setting to Always [...]

  • Seite 174

    174 Chapter 10 Managing Preferences Maintaining C onsistent U ser Pr eference s for Classic Ordinarily , Classic looks for a user’ s Mac OS 9 preferences data in the Mac OS 9 Sy stem F older . If a user has more than one computer , or if multiple users work on the same computer , mak e sur e Classic uses prefer ences from the Home folder in ~/Lib[...]

  • Seite 175

    Chapter 10 Managing Preferences 175 T o switch directories , click the globe icon. If you are not authenticated , click the lock and enter the name and passwor d of a director y domain administrator . 3 Select one or more users, groups, computers , or computer groups. 4 Click Dock and then click Dock Display . 5 Set the management setting to Once o[...]

  • Seite 176

    176 Chapter 10 Managing Preferences 5 Click Dock and then click Dock I tems . 6 Set the management setting to Once or Always . If you select Once, the group folder icon appears in the user’ s Dock initially , but the user can remove it. 7 Select “ Add group f older .” 8 Click Apply Now . If you change the location of the group share point , u[...]

  • Seite 177

    Chapter 10 Managing Preferences 177 The My Applications folder c ontains aliases for appr oved applications listed in the Applications pref erence pane. If you do not manage the Applications prefer ence, available applications ar e shown. If you enable Simple Finder , you should display the My Applications folder . 8 T o add the Documents folder , [...]

  • Seite 178

    178 Chapter 10 Managing Preferences The table below summarize s what you can control with settings in each Ener gy Saver pane. Using Sleep and W ake Settings for Desktop C omputers Putting a comput er to sleep save s energy because it turns off the displa y and stops the hard disk from running . W ak ing up from sleep is fast er than star ting up y[...]

  • Seite 179

    Chapter 10 Managing Preferences 179 7 T o set wake and restart settings, choose Options from the Settings pop-up menu and do the following: 8 Click Apply Now . T o manually wake up a sleeping computer or display , the user can click the mouse or press a key on the keyboard. Setting Energy Sav er Settings for P or table Comput ers Y ou can use Energ[...]

  • Seite 180

    180 Chapter 10 Managing Preferences 6 T o adjust sleep settings, choose Sleep from the Settings pop-up menu and do the following: 7 T o set wake and restart settings, choose Options from the Settings pop-up menu and do the following: 8 Click Apply Now . T o manually wake up a sleeping computer or display , users can click the mouse or press a key o[...]

  • Seite 181

    Chapter 10 Managing Preferences 181 Users should be encouraged to monitor batt er y status when not connected to external power and use a pow er adapter when possible to maintain a fully char ged battery. T o show battery status in the menu bar: 1 In W orkgroup Manager , click Preferenc es. 2 Make sure the correct director y is selected and you ar [...]

  • Seite 182

    182 Chapter 10 Managing Preferences 8 Click Apply Now . Managing F inder P refer ences Y ou can control v arious aspects of Finder menus and windo ws, which can help improve or control w orkflow . F or example, you can simplify the user experience by enabling Simple F inder . Y ou can also prevent users fr om writing to or ejecting disks. The table[...]

  • Seite 183

    Chapter 10 Managing Preferences 183 T o turn on Simple F inder: 1 In W orkgroup Manager , click Preferenc es. 2 Make sure the correct director y is selected and you ar e authenticated . T o switch directories , click the globe icon. If you are not authenticated , click the lock and enter the name and passwor d of a director y domain administrator .[...]

  • Seite 184

    184 Chapter 10 Managing Preferences 4 Click Finder , click the Pref erences tab , and then select a management setting. 5 Under “New Finder window shows ,” choose the default folder f or the Finder window . Select Home to show items in the user ’ s home f older . Select Computer to show the top-lev el folder , which includes local disks and m[...]

  • Seite 185

    Chapter 10 Managing Preferences 185 5 Select “ Always show file extensions.” 6 Click Apply Now . Con trolling User A ccess t o Remote Ser v ers Users can connect to a remote server by choosing the “Connect to Ser v er ” command in the Finder Go menu and pr oviding the server ’ s name or IP address . I f y ou don ’t want users to access [...]

  • Seite 186

    186 Chapter 10 Managing Preferences T o switch directories , click the globe icon. If you are not authenticated , click the lock and enter the name and passwor d of a director y domain administrator . 3 Select one or more users, groups, computers , or computer groups. 4 Click Finder , click Commands, and then set the management setting to Always. 5[...]

  • Seite 187

    Chapter 10 Managing Preferences 187 4 Click Finder , click Commands, and then set the management setting to Always. 5 Deselect “Go to Folder .” 6 Click Apply Now . Removing Restart and Shut Down from the Apple Menu If you don ’t want t o allow users to restart or shut down the computer they’re using , y ou can remove the Re star t and Shut [...]

  • Seite 188

    188 Chapter 10 Managing Preferences 8 Click Apply Now . Adjusting the Ap pearance of F inder Windo w Con tents Items in Finder windows can be view ed in a list or as icons. Y ou can control aspects of how these items look, as well as whether to show the toolbar in a F inder window. Default V iew settings contr ol the overall appearance of all F ind[...]

  • Seite 189

    Chapter 10 Managing Preferences 189 Managing Login P reference s Use Login pr eferences t o set options for user login, to provide password hin ts, and to control the user’ s ability to restar t and shut do wn the computer from the login window . Y ou can also mount a group volume or set applications to open when a user logs in. The table below s[...]

  • Seite 190

    190 Chapter 10 Managing Preferences The directory administrator account is considered a network accoun t, and is therefore hidden when you don ’t show network users. Another way to hide this account w ould be to set the directory administrator account’ s user ID to below 1 00. For mor e information, see “Modifying User IDs” on page 67. Y ou[...]

  • Seite 191

    Chapter 10 Managing Preferences 191 T o ensure that a type of user doesn ’t show up in the list, deselect the corresponding setting. T o display mobile accoun ts on client computers with Mac OS X v1 0.5 or later , select “Show mobile accounts .” T o display mobile accoun ts on client computers with Mac OS X v1 0.4 installed , select “Show l[...]

  • Seite 192

    192 Chapter 10 Managing Preferences T o configure miscellaneous log in options: 1 In W orkgroup Manager , click Preferenc es. 2 Make sure the correct director y is selected and you ar e authenticated . T o switch directories , click the globe icon. If you are not authenticated , click the lock and enter the name and passwor d of a director y domain[...]

  • Seite 193

    Chapter 10 Managing Preferences 193 Note: A user with an administrator account in a clien t computer’ s local direc t or y domain can always log in. T o choose who can log in: 1 In W orkgroup Manager , click Preferenc es. 2 Make sure the correct director y is selected and you ar e authenticated . T o switch directories , click the globe icon. If [...]

  • Seite 194

    194 Chapter 10 Managing Preferences The follo wing access options control w orkgroup settings at login. T o customize the w orkgroups displa yed at log in: 1 In W orkgroup Manager , click Preferenc es. 2 Make sure the correct director y is selected and you ar e authenticated . T o switch directories , click the globe icon. If you are not authentica[...]

  • Seite 195

    Chapter 10 Managing Preferences 195 When enabling the use of login and logout scripts, you can set a trust value for the client. T rust values determine the required level of a uthentication befor e a client trusts a ser v er enough to run its scripts. Most trust values directly correlate to LDAP security policy settings that are configured in Dire[...]

  • Seite 196

    196 Chapter 10 Managing Preferences 4 Click Edit. 5 If the local host name contains special nonalphabetic or non-numeric characters such as spaces , dashes, and underscores , remove the special characters and then click OK. F or example, change local host names like “ Anne-Johnson ’ s-Computer” to “ AnneJohnsonsComputer .” 6 Optionally , [...]

  • Seite 197

    Chapter 10 Managing Preferences 197 Y ou can ’t run scripts that are lar ger than 30 KB . T o choose login or logout scripts: 1 In W orkgroup Manager , click Preferenc es. 2 Make sure the correct director y is selected and you ar e authenticated . T o switch directories , click the globe icon. If you are not authenticated , click the lock and ent[...]

  • Seite 198

    198 Chapter 10 Managing Preferences The application remains open but its windows and menu bar remain hidden un til the user activates the application (for example , b y clicking its icon in the D ock). 8 T o automatically connect the user to a server , select the ser ver and then select “Mount share point with user’ s name and password.” The [...]

  • Seite 199

    Chapter 10 Managing Preferences 199 T o automa tically mount the Network Home: 1 In W orkgroup Manager , click Preferenc es. 2 Make sure the correct director y is selected and you ar e authenticated . T o switch directories , click the globe icon. If you are not authenticated , click the lock and enter the name and passwor d of a director y domain [...]

  • Seite 200

    200 Chapter 10 Managing Preferences If you don ’t want the gr oup share point to appear in the Dock, selec t the Hide checkbox. 9 Make sure “Mount share point with user ’ s name and password” is selec ted . 10 Click Apply Now . Managing Media Acce ss Pr eferenc es Media Access pref erences let y ou control settings f or and access to CDs , [...]

  • Seite 201

    Chapter 10 Managing Preferences 201 Con trolling Acc ess to Hard Driv es, Disks, and Disk Images Y ou can control acc ess to internal or external disk driv es such as floppy disk drives , Zip drives , and F ireWire drives . Y ou can also control access to disk image s (files with the .dmg extension). If you disallow external disks, external disks a[...]

  • Seite 202

    202 Chapter 10 Managing Preferences 6 In Disc Media or Other M edia, select “Eject all remov able media at logout.” 7 Click Apply Now . Managing Mobility Pref erence s Y ou can automatically creat e mobile accounts for users during their next login. If your computers hav e Mac OS X v1 0.5 or later , you can also encrypt the contents of the mobi[...]

  • Seite 203

    Chapter 10 Managing Preferences 203 Note: When a mobile account is enabled , it appears in the login window and in the Accounts pane of S ystem P reference s with the label Mobile . When the acc ount is selected in the Accounts pane , some settings may appear dimmed. T o create a mobile acc ount using Work group Manager: 1 In W orkgroup Manager , c[...]

  • Seite 204

    204 Chapter 10 Managing Preferences After a user creates a mobile acc ount, the local home folder for that account sta ys on the computer until it’ s deleted . Y ou can delete the local home folders to sa ve disk space , or you can set an expiration period on the mobile account so the local home folders are deleted when the acc ount expires . F o[...]

  • Seite 205

    Chapter 10 Managing Preferences 205 6 Choose one of the following home f older options and then click OK. Enabling F ileV ault for Mobile A ccounts If your users have c omputers with Mac OS X v1 0.5 or later installed , y ou can use FileV ault to encrypt the local home folders for their mobile accounts . FileV ault encrypts the user ’ s local hom[...]

  • Seite 206

    206 Chapter 10 Managing Preferences Additionally , if you make the maximum size of the local home folder smaller than the network home disk quota, you can provide more flexibility for handling files with sync conflicts. If a mobile account is protected with F ileV ault, the user must be logged in to share files using File Sharing . T o enable F ile[...]

  • Seite 207

    Chapter 10 Managing Preferences 207 Selecting the Location of a Mobile Accoun t Y ou can select the location of a mobile account’ s local home folder or you can let the user select the location. If you select the location, choose from one of the following . If you choose a location at a specific path, make sure that the folder has the following p[...]

  • Seite 208

    208 Chapter 10 Managing Preferences 4 Click Mobility , click A ccount Creation, click Creation, and then set the management setting to Always. 5 Select “Cr eate mobile account when user logs in to netw ork account.” This option must be selected to enable a mobile account f or the selected account. 6 Click Options and then set the management set[...]

  • Seite 209

    Chapter 10 Managing Preferences 209 T o switch directories , click the globe icon. If you are not authenticated , click the lock and enter the name and passwor d of a director y domain administrator . 3 Select one or more users, groups, computers , or computer groups. 4 Click Mobility , click A ccount Creation, click Creation, and then set the mana[...]

  • Seite 210

    210 Chapter 10 Managing Preferences T o set an expiration period: 1 In W orkgroup Manager , click Preferenc es. 2 Make sure the correct director y is selected and you ar e authenticated . T o switch directories , click the globe icon. If you are not authenticated , click the lock and enter the name and passwor d of a director y domain administrator[...]

  • Seite 211

    Chapter 10 Managing Preferences 211 Pr ecede the folder with ~/ to denote the location of the sync ed folder in the user’ s home folder . For example , to sync the user’ s Documents folder , enter ~/Documents. 8 Alternatively , click the Browse (...) button for the “Sync at login and logout ” and “Sync in the background” lists to browse[...]

  • Seite 212

    212 Chapter 10 Managing Preferences 9 Click Apply Now . Setting the Background Sync F requenc y Y ou can change the frequency of syncing for background folders . By default, background folders sync ev er y 2 0 minutes. Y ou can set frequencies from 5 minutes to 8 hours. If you set the frequency to a long interval, you run a higher risk of users loa[...]

  • Seite 213

    Chapter 10 Managing Preferences 213  Enabling background , login, and logout sync  Selecting what is synced  Setting the sync frequency  Enabling the mobile account status menu If you disable the mobile account status menu , the user can still configure his or her mobile account in the Acc ounts pane of System P references. T o show mobile [...]

  • Seite 214

    214 Chapter 10 Managing Preferences Y ou must assign a single server for every t ype of pro xy ser ver (f or example, you can ’t have multiple FTP pr oxy ser vers). T o configure pro x y servers for a user or a group: 1 In W orkgroup Manager , click Preferenc es. 2 Make sure the correct director y is selected and you ar e authenticated . T o swit[...]

  • Seite 215

    Chapter 10 Managing Preferences 215 Â A domain name, such as apple.com. This bypasses apple .com but not subdomains such as store.apple .com. Â An entire websit e including all subdomains, such as *.apple.com. Â A subnet in Classless Inter-Domain Routing (CIDR) notation. For example , to add a subnet of 1 92. 1 68.2.x, you would name that view 1[...]

  • Seite 216

    216 Chapter 10 Managing Preferences 5 Set the management setting to Always. 6 Select Disable Internet Sharing. 7 Click Apply Now . Disabling AirP or t If you disable AirP or t, it is disabled the nex t time a comput er retrieves managed preferenc es. If the computer had active AirP or t connections , they are immediately disconnected. T o reenable [...]

  • Seite 217

    Chapter 10 Managing Preferences 217 Managing P aren tal Con trols P refer ences P arental C ontrols pref erences allow y ou to hide profanity in Dictionar y , limit access to websites , or set time limits or other contraints on computer usage. T o manage P arental Contr ols preference s, computers must have Mac OS X v1 0.5 or later . The table belo[...]

  • Seite 218

    218 Chapter 10 Managing Preferences T o switch directories , click the globe icon. If you are not authenticated , click the lock and enter the name and passwor d of a director y domain administrator . 3 Select one or more users, groups, computers , or computer groups. 4 Click P arental C ontrols and then click C ontent F iltering. 5 Set the managem[...]

  • Seite 219

    Chapter 10 Managing Preferences 219 2 Make sure the correct director y is selected and you ar e authenticated . T o switch directories , click the globe icon. If you are not authenticated , click the lock and enter the name and passwor d of a director y domain administrator . 3 Select one or more users, groups, computers , or computer groups. 4 Cli[...]

  • Seite 220

    220 Chapter 10 Managing Preferences If you set a time limit for comput er usage, users who meet their daily time limits can’ t log in until the next day when their quota is reset. Y ou can set different time limits for weekdays (Monda y through F riday) and weekends (Saturday and Sunda y). The time limit can range from 30 minut es to 8 hours. If [...]

  • Seite 221

    Chapter 10 Managing Preferences 221 Making Printers A vailable t o Users T o give users access to printers, you must first set up a printer list. Then you can allow specific users or groups to use prin ters in that list. Y ou can also make printers av ailable to computers . A user ’ s list of prin ters is a combination of printers a vailable to t[...]

  • Seite 222

    222 Chapter 10 Managing Preferences 6 Click Print er List. 7 Deselect “ Allow user to modify the printer list.” 8 Click Apply Now . Restricting Access t o Prin ters Connected to a C omputer In some situations, you might want only certain users to print to a printer c onnected directly to their computer . F or example, if you have a c omputer in[...]

  • Seite 223

    Chapter 10 Managing Preferences 223 4 Click Printing and then click P r in ters. 5 Set the management setting to Always. 6 Click Access . 7 Select a printer listed in User’ s Printer List and then click Make Default. 8 Click Apply Now . Restricting Access t o Prin ters Y ou can require an administrator user name and passw ord to print to s pecifi[...]

  • Seite 224

    224 Chapter 10 Managing Preferences T o switch directories , click the globe icon. If you are not authenticated , click the lock and enter the name and passwor d of a director y domain administrator . 3 Select one or more users, groups, computers , or computer groups. 4 Click Printing and then click F ooter . 5 Set the management setting to Always.[...]

  • Seite 225

    Chapter 10 Managing Preferences 225 If a user can see a par ticular pref erence , it does not mean the user can modify that preferenc e. Some preferences , such as Star tup Disk prefer ences, require an administrator name and password bef ore a user can modify its settings. The pref erences that appear in Workgroup Manager are those installed on th[...]

  • Seite 226

    226 Chapter 10 Managing Preferences Time Machine is most appropriate for backing up computers with primarily local accounts. It is also useful if users have administrative contr ol over the comput er and can install their own applications. Y ou can limit the total backup storage per comput er . When you limit total backup storage for a comput er gr[...]

  • Seite 227

    Chapter 10 Managing Preferences 227 Managing Universal A ccess P reference s Universal Acc ess settings can help improve the user experienc e for some users. For example, if a user has difficulty using a computer or wants to work in a differ ent way , you can choose settings that enable the user to work mor e effectively . Using Workgroup Manager ,[...]

  • Seite 228

    228 Chapter 10 Managing Preferences T o adjust screen appearance: 1 In W orkgroup Manager , click Preferenc es. 2 Make sure the correct director y is selected and you ar e authenticated . T o switch directories , click the globe icon. If you are not authenticated , click the lock and enter the name and passwor d of a director y domain administrator[...]

  • Seite 229

    Chapter 10 Managing Preferences 229 Sticky Keys help users who can’t pr ess multiple keys simultaneously . It treats a sequence of modifier keys (Shift, Command , Option, and C ontrol) like a key combination. For example , to press C ommand-O , users can pre ss Command and then O . T o hold down a key with multiple keystrokes, users can press the[...]

  • Seite 230

    230 Chapter 10 Managing Preferences T o turn off the key-combination aler t , deselect “Beep when a modifier k ey is set.” T o turn off onscreen display of keystrokes , deselec t “Show pressed keys on screen.” 7 T o activate Slow Keys, select Slow Keys On. If you don ’t want a udio feedback during keystrokes, deselect “Use click key sou[...]

  • Seite 231

    Chapter 10 Managing Preferences 231 T o allow Universal A ccess Shortcuts: 1 In W orkgroup Manager , click Preferenc es. 2 Make sure the correct director y is selected and you ar e authenticated . T o switch directories , click the globe icon. If you are not authenticated , click the lock and enter the name and passwor d of a director y domain admi[...]

  • Seite 232

    232 Chapter 10 Managing Preferences F or example, in Safari you can disable Jav aScript by setting the Jav aScript Enabled key to “false.” If you sav e this key in the O ften gr oup, the user can enable JavaScript during their current login session but Ja vaScript is disabled when the user logs out and logs in again. Some application developers[...]

  • Seite 233

    Chapter 10 Managing Preferences 233 When you use your own application pr eference s, you can choose the management frequency applied to those preference s: Some applications use ByHost preferenc es. These pref erences apply to a s pecific user for a specific c omputer . F or example, if a network user sets screen sav er preference s, they are sav e[...]

  • Seite 234

    234 Chapter 10 Managing Preferences 8 Click Add . 9 If you ’ re asked to replace the manif est, click Replace to replace the manifest. Replacing the manifest changes the underlying manif est file for the application but it doesn ’t change existing managed preferences . 10 If you ’ re asked to replace the managed pref erences , click Replace t[...]

  • Seite 235

    Chapter 10 Managing Preferences 235 3 Select one or more users, groups, computers , or computer groups. 4 Select an item in the list and click the Edit (pencil) button. 5 T o locate the keys you want to change , click the disclosure triangles. 6 T o add a key to the application ’ s prefer ences file, click the disclosure triangle for the frequenc[...]

  • Seite 236

    236 Chapter 10 Managing Preferences Using the P referenc e Editor to Man age Core Services Y ou can add several important manifests by adding a single cor e ser vic es bundle. These manifests allow managemen t of many featur es that are unav ailable through the main preferenc e editing interface. F or example, you can disable Bluetooth, lock iT une[...]

  • Seite 237

    Chapter 10 Managing Preferences 237 T o add the core services bundle to the pref erence editor list: 1 In W orkgroup Manager , click Preferenc es and then click Details. 2 Make sure the correct director y is selected and you ar e authenticated . T o switch directories , click the globe icon. If you are not authenticated , click the lock and enter t[...]

  • Seite 238

    238 Chapter 10 Managing Preferences 4 Click the Add (+) button, select /Applications/Safari, and then click Add . The pref erence manifests included with older v ersions of Safari don ’t hav e as many configurable prefer ences as the Safari version included with Mac OS X v1 0.5 or later . Y ou can replace old Safari pref erence manif ests by addi[...]

  • Seite 239

    11 239 11 Solving P roblems If you encoun ter problems as y ou work with W orkgroup Manager , you ma y find a solution in this chapter . If the answer to your question isn ’t here , try searching W orkgroup Manager Help for new topics. Y ou can also search the Apple Service & Suppor t w ebsite for inf ormation and solutions at www .apple.com/[...]

  • Seite 240

    240 Chapter 11 Solving Problems Y our computers should be on the same time zone . I f they ar e not on the same time zone , send the following UNIX c ommand: sudo systemsetup -settimezone ‘US/Pacific’ F or other time zones , see the man page for systemsetup . For instructions on sending UNIX commands through Apple Remot e Desktop , see the Appl[...]

  • Seite 241

    Chapter 11 Solving Problems 241 The resulting log should ha ve an answer section, which displays the IP address of your Open Director y mast er ser v er . If there is no answ er section, or if the IP address is incorrect, per form further analysis on your DNS ser vic e. 3 In the Lookup pane of Network Utility , enter the IP address of your Open Dir[...]

  • Seite 242

    242 Chapter 11 Solving Problems 3 On a client computer , open Network Utility , click Inf o , and then select the network interface that connects to your network. If the displayed IP addr ess is not in your range of supplied addresse s, the computer is not receiving an IP address thr ough your DHCP service. If the IP address is 1 69 . 2 54.x.x, it [...]

  • Seite 243

    Chapter 11 Solving Problems 243 An administrator account in the comput er ’ s local dir ector y domain can ’t be used to authenticate as an administrat or of a shared LDAP directory. If Y ou Can’ t Modify a User ’ s Open Director y P assword T o modify the password of a user whose passwor d type is Open Director y , you must be an administr[...]

  • Seite 244

    244 Chapter 11 Solving Problems  If the user ’ s accoun t resides in a directory domain that is not available , create a user account in a directory domain that is available.  Make sure the client software encodes the password so it is r ecognized correctly . F or example, Open Director y rec ognizes UTF-8 encoded strings , which may not be s[...]

  • Seite 245

    Chapter 11 Solving Problems 245 If Users Can ’t Log In with A ccoun ts in a Shared Directory D omain Users can ’t log in using accoun ts in a shared directory domain if the ser ver hosting the director y isn ’t accessible. A server can become inaccessible due to a problem with the network, the ser ver software , or the server hardware. Proble[...]

  • Seite 246

    246 Chapter 11 Solving Problems If a Windows User Has No Home F older If a user ’ s home f older isn ’t mounted in Windows, verify the following: Â Make sure the correct home folder location is selected in the Home pane of W orkgroup Manager . Â Make sure the home folder path is correct in the Windows pane of W orkgroup Manager . It should be[...]

  • Seite 247

    Chapter 11 Solving Problems 247 Â If the drive letter chosen for the user might be c onflicting with a drive letter in use on the Windows workstation, change the drive letter setting in the Windows pane of W orkgroup Manager or change the mappings of other drive letters on the workstation. Solving Pr efer ence Management P roblems This section des[...]

  • Seite 248

    248 Chapter 11 Solving Problems F or example, suppose the default application for viewing PDF files is P review . A user logs in and double-clicks a PDF file on his or her desktop . If the management settings that apply to the user don ’t provide access to P review , the file does not open. If the user has access to a diff erent application that [...]

  • Seite 249

    Chapter 11 Solving Problems 249 Â If the user ’ s login list does not include an y items, all managed login items will open. If you do not select “M er ge with user ’ s it ems,” all login items on either list will open. If you select Once, a user can remove an y items added to their login list. F or details about managing automatically ope[...]

  • Seite 250

    250 Chapter 11 Solving Problems If Users See a Message About an Unexpected Error When you manage Classic pref erences and try to use the Extensions Manager , File Sharing, or Software Update control panels , you might see a message that sa ys “ The operation could not be completed . An unexpec ted err or occurred (error code 1 0 1 6).” This mes[...]

  • Seite 251

    251 Appendix Impor ting and Expor ting Acc ount Informa tion Use W orkgroup Manager to impor t and export accounts, or use the dsimpor t command-line t ool to impor t acc ounts. Y ou can quickly impor t or export user , group , computer , and computer group accounts using W orkgroup Manager . Y ou can also use the dsimport command-line tool to impo[...]

  • Seite 252

    252 Appendix Importing and Exporting Account Information Limitations for Importing and Expor ting P asswords When creating or overwriting records , you must reset passw ords for user accoun ts with Open Director y or shado w passwords. Impor ting passw ords generally works if the password is a plain-text string in the import file. Additionally , yo[...]

  • Seite 253

    Appendix Importing and Exporting Account Information 253 Archiving the Open Directory Master Instead of exporting and impor ting records as a backup of dir ector y data, you can archive and re store the Open Directory master ’ s directory and authentication data. By archiving a copy of the Open Directory master ’ s directory , y ou can later re[...]

  • Seite 254

    254 Appendix Importing and Exporting Account Information 6 T o indicate what to do when the short name of an account being impor t ed matches that of an existing account, select one of the Duplicate Handling options: Â “Over writ e existing record” overwrites any existing recor d in the director y domain. Â “Ignore new record” ignores an [...]

  • Seite 255

    Appendix Importing and Exporting Account Information 255 T o export accounts using Work group Manager: 1 In W orkgroup Manager , click Accounts. 2 Make sure that the director y services of the Mac OS X Ser ver y ou’ re using are configured to acce ss the desired directory domain. F or instructions, see O pen Directory Administration . 3 Click the[...]

  • Seite 256

    256 Appendix Importing and Exporting Account Information The follo wing group account attributes might be pr esent in the XML files: Â Group name (required) Â Group ID (required) Â One member ’ s short name (required) Â Other members’ shor t names Using XML F iles Created with AppleShare IP 6.3 Y ou can use the Web & F ile Admin applica[...]

  • Seite 257

    257 Glossary Glossar y This glossary defines terms and spells out abbreviations you ma y encounter while working with online help or the various ref erence manuals for Mac OS X Server . Reference s to terms defined elsewhere in the glossary appear in italics. access con trol list See ACL . ACE A ccess Con trol Entry . An entr y within the ACL that [...]

  • Seite 258

    258 Glossary computer accoun t A computer account st ores data that allows Mac OS X Server to identify and manage an individual computer . Y ou create a computer acc ount for each computer that you in tend to add to a computer gr oup. See also computer group . computer group A set of comput ers and computer groups , which all receiv e the managed p[...]

  • Seite 259

    Glossary 259 DNS Domain Name System. A distributed database that maps IP addresses to domain names. A DNS ser ver , also known as a name ser ver , keeps a list of names and the IP addresses associated with each name . drop box A shar ed folder with privileges that allow other users t o write to , but not read , the folder’ s contents . Only the o[...]

  • Seite 260

    260 Glossary GUID Globally unique identifier . A hexadecimal string that uniquely identifies a user account, group account, or computer list. Also used to provide user and group identity for access c ontrol list (ACL) permissions , and to associat e par ticular users with group and nested group memberships . GUIDs are 1 28-bit values , which makes [...]

  • Seite 261

    Glossary 261 local directory domain A direc t or y of identification, authentication, authorization, and other administrative data that’ s accessible only on the computer where it re sides. The local director y domain isn ’t accessible from other c omputers on the network. local domain A director y domain that can be acc essed only by the compu[...]

  • Seite 262

    262 Glossary multicast DNS A protocol dev eloped by Apple for a utomatic discov er y of comput ers, devices , and services on IP networks. Called Bonjour (previously Rendezvous) by Apple , this proposed Internet standar d protocol is sometimes r eferred to as Z eroConf or multicast DNS. For more inf ormation, visit www .apple.com or www .zeroconf .[...]

  • Seite 263

    Glossary 263 POP P ost Office Prot ocol. A protocol for retrieving incoming mail. After a user retrieves POP mail, it ’ s stored on the user’ s computer and is usually deleted automatically fr om the mail ser v er . portable home direc tory A portable home direc t or y pro vides a user with both a local and network home folder . The conten ts o[...]

  • Seite 264

    264 Glossary scope A group of services. A scope can be a logical grouping of computers, such as all computers used by the production department, or a physical grouping, such as all computers located on the first floor . Y ou can define a scope as part or all of your network. search path See search policy . search policy A list of director y domains[...]

  • Seite 265

    Glossary 265 T CP T ransmission Control P rotocol. A method used with the Internet P rotocol (IP) to send data in the form of message units betw een computers ov er the Internet. IP handles the actual delivery of the data, and TCP keeps track of the units of data (called packets) into which a message is divided f or efficient routing through the In[...]

  • Seite 266

    266 Glossary[...]

  • Seite 267

    267 Index Index A access ACLs 27, 29 Apple menu 172, 187 application 149, 153, 164, 165, 168, 177 control process 27, 32 disk 183, 185, 201 file 28, 247 folder 28, 38, 153, 186, 245 group 28, 103, 153, 199 guest 117 login 192, 194, 199 media 149, 186, 200, 201, 202 mobile account 134, 135, 136 preferences 149 printing 81, 82, 83, 84, 220, 221, 222,[...]

  • Seite 268

    268 Index B background synchronization 139, 212 backup account 252 Time Machine 150, 157, 225 vs. synchronization 139 backup domain controller. See BDC batch editing 51 batteries 177, 180 BDC (backup domain controller) 55, 57, 114, 245 Bluetooth 216 boot process. See startup browsers, Safari 237 bundle IDs 164 Burn Disc command 186 C calendar servi[...]

  • Seite 269

    Index 269 directories. See directory services; domains, directory; folders directory domain administrator 38, 72 directory services Active Directory 29, 35, 37, 57, 132 administrators for 23 preferences 160 requirements 35 See also domains, directory; Open Directory Directory Utility 195 disk images 21, 22, 148, 201 disks access control 183, 185, 2[...]

  • Seite 270

    270 Index command-line tools 103, 123 My Applications 177 synchronization of 210, 212 System 169, 171 See also group folders; home folders Front Row 165, 168 FTP (File Transfer Protocol) service 215 full name. See long name G GID (group ID) 27, 96 globally unique identifier. See GUID group accounts creating 91, 93 deleting 95 editing 51, 92 exporti[...]

  • Seite 271

    Index 271 iDisk 185 images, disk. See disk images; NetBoot; NetInstall importing accounts 53, 68 authentication 252, 253 command-line tools 251 groups 253 GUID maintenance 252 overview 251 passwords 68, 252 users 253 XML files 255, 256 See also exporting Info settings 84 inheritance, file permission 93 inherited preferences 158 install images. See [...]

  • Seite 272

    272 Index expiration periods 209 external accounts 134, 208 home folders 37, 121, 132, 133, 134, 135, 138, 152, 202, 204, 205, 207 local 136, 142 login 133, 134, 135, 140, 198, 202 overview 13, 131 portable home directories 37, 132 preferences overview 149, 152, 202 removing 204 security 131, 144, 205 setup 140 synchronization 131, 132, 136, 138, 1[...]

  • Seite 273

    Index 273 ports, proxy server 213, 214 POSIX (Portable Operating System Interface) 28, 29 power settings. See Energy Saver predefined accounts 56, 90, 251 preferences account 139 appearance 227 assistive devices 227, 228, 229, 231 browser 237 CDs 200 computer accounts 157, 162 computer groups 157, 158, 163 directory services 160 DVDs 200 group 157,[...]

  • Seite 274

    274 Index shutdown, controlling 181, 187 SID (Security Identifier) 29 Simple Finder 182 simultaneous login privileges 73 single sign-on authentication 245 sleep settings 173, 177, 181 Slow Keys 229 SMB (Server Message Block) protocol service 29, 114, 119, 127 Software Update 150, 224 sshd privilege separation 56 ssh tool 103, 239 startup 21, 148, 1[...]

  • Seite 275

    Index 275 mail service 80, 81 network 31, 136 overview 55 permissions 70 planning for 34, 35 preferences control 149, 157, 161, 174 primary group for 28, 77, 89 print service 81, 82, 83, 84, 220, 221, 222, 223 remote 185, 239, 241 searching for 45, 49, 75 setup 31 sorting 75 tools overview 19 workgroup choice 151 See also clients; groups; home fold[...]